READER COMMENTS ON
"ACTION ALERT: Say No to Prohibited Software in Voting Machines!"
(32 Responses so far...)
COMMENT #1 [Permalink]
said on 12/30/2005 @ 9:28 am PT...
Thanks John - completed! It was simple to complete! I wish the bureautic wheels would move faster...
COMMENT #2 [Permalink]
said on 12/30/2005 @ 10:16 am PT...
Where is the outrage about the recent leak? The plame leak which had no effect on this countries ecurity was plastered all over the place on this blog. The probe into the recent leak isnt mentioned or cared about.
Where is the concern for national security? Its lost in your BS partisenship. Because thats all the plame leak concern was, politics for you people.
Where is the story about the Sunni's acccepting the voting as legit? You run the negative sotires but no the positive ones? Why is that libs?
I thought it was about what is right and wrong, not left and right?
COMMENT #3 [Permalink]
said on 12/30/2005 @ 10:19 am PT...
Your post is off topic and off logic as usual. Post your crap where it is in context.
People here tend to be aware of the subject being discussed even tho you are not.
COMMENT #4 [Permalink]
said on 12/30/2005 @ 10:34 am PT...
John, you say that the "Federal Voluntary Voting System Guidelines (VVSG) of 1990 and 2002 specifically prohibit" interpreted code.
However the use of the term "Voluntary" gives me pause as to whether it is mandatory if it is voluntary.
And therefore whether or not it is really prohibited by the force of law.
COMMENT #5 [Permalink]
said on 12/30/2005 @ 11:06 am PT...
Thank you John! Thanks to the tireless work you, Brad, Bev, Debra, all the people involved in this fight are doing. I think we're finally getting some legs on this puppy!
My friend who wrote Who's Counting has recently been in contact with Mark Crispin Miller and he's also got some brilliant ideas on how to draw together all the different grassroots groups working on exposing and reforming the fraudulent electronic voting system. I think this is one of the weaknesses of the Dem party in general - there are so many of us but we are quite fragmented.
I've been to Mark's blog and it's pretty dang quiet over there. He mentioned to my friend that his publisher didn't send him to LA on his book tour for Fooled Again because they couldn't get any local media coverage!
Anyways, thanks for all you're doing and if/when you get a chance, please check out Who's Counting.
COMMENT #6 [Permalink]
said on 12/30/2005 @ 11:15 am PT...
COMMENT #7 [Permalink]
Robert Lockwood Mills
said on 12/30/2005 @ 11:16 am PT...
Ricky, for your information, I have already confessed to being the leaker. My public confession on another blog was a joke, of course, but one intended to make the point that the person who spilled the beans is a national hero.
He or she exposed a criminal act, spying illegally against American citizens. Unless it is later shown that the leaker has direct ties to a terrorist organization, the assumption may remain that the leaker was motivated by a desire to protect and defend the Constitution...something Bush twice swore an oath to do and then violated that oath.
The person who outed Valerie Plame, on the other hand, was not motivated by any affirmative motive,
rather by a desore to punish someone who told the truth about Bush administration lies (her husband, Joseph Wilson), and/or to discourage others from doing the same in the future.
COMMENT #8 [Permalink]
said on 12/30/2005 @ 11:37 am PT...
Ricky just doesn't understand! The difference is clear as a bell!
COMMENT #9 [Permalink]
said on 12/30/2005 @ 11:43 am PT...
Sent my emails too.
Happy New Year Brad and all the fellow Bradonians!!!!
COMMENT #10 [Permalink]
said on 12/30/2005 @ 11:58 am PT...
Dredd #4 - The Voluntary Voting Systems Guidelines are voluntary in that states are not mandated to require voting systems be qualified federally or to meet the 2002 rather than the 1990 standards. The standards ban interpreted code and the ITAs are required to deny qualification if they find it or if they are doing their jobs.
COMMENT #11 [Permalink]
said on 12/30/2005 @ 12:22 pm PT...
COMMENT #12 [Permalink]
said on 12/30/2005 @ 1:58 pm PT...
Done and Done,Thanks to the 6 or 7 that I know will do their duty to their country.Happy New Year too.
COMMENT #13 [Permalink]
said on 12/30/2005 @ 2:23 pm PT...
Regarding the dilemma with standards being "voluntary" --- the key to decertification is still violation of the FEC standards, because the testing labs use them to recommend certification.
A system can be used in certain states even though it violates FEC standards, if that state doesn't require federal certification. States like New Hampshire don't require federal certification.
However, if a system does not meet FEC standards, it is not supposed to be recommended by the federal testing labs (although they have consistently recommended voting systems that violate the standards).
Ciber, for example, breaks the FEC standards out onto a grid and checks "pass" or "fail" for each requirement. Then Ciber issues a recommendation for certification, after working privately with the vendor to correct the failed areas.
The testing labs claim they never looked at AccuBasic or the interpreter. California then required them to write a formal report on the AccuBasic and the interpreter. That trap was set very cleverly.
A clarification, it wasn't "some computer experts" in Florida, it was a Black Box Voting project, developed in cooperation with a still unnamed party, and the expert has a name, Harri Hursti.
Another discovery has been achieved through Black Box Voting's sponsored research, and another project will hopefully take place soon. E-mails will go out today on that.
COMMENT #14 [Permalink]
said on 12/30/2005 @ 4:22 pm PT...
I have also written the commissioners of EAC to ask for their direct action. I do not have much faith in them though. Since when is Ray Martinez to be trusted?
COMMENT #15 [Permalink]
said on 12/30/2005 @ 4:33 pm PT...
Ignore Ricky the idiot, since his only purpose is to get you to "look at the issue of leaking the "spy program" which we already know the spy program is illegal.
Focus on the goal only, do not get distracted.
Federal System Voluntary guidelines have penalties; and technically John that means they should be forced to de-certify ALL of them, not a few of them whatsoever...since they violated their own law. Either that or the ITA & EAC is full of shit which wouldn't help matters.
But lets get this clear...the ITA FAILED to do its job, and fraud, irregularities damaged elections in mass as a result. They need to be held accountable, I believe....I've passed on this letter. Its time to hold them to the fire.
COMMENT #16 [Permalink]
said on 12/30/2005 @ 5:22 pm PT...
Doug E. #15 -
I agree 100%. Holding the ITAs responsible for doing their jobs is exactly why we are doing this action.
The EAC has gotten a free-ride from us for too long. They have hidden behind the fact that they were formed months after they should have been and they were not funded properly.
That's no longer a good excuse. Ex-commission Buster Soaries threw-up his hands and resigned when he saw there were huge problems.
COMMENT #17 [Permalink]
said on 12/30/2005 @ 6:01 pm PT...
Your piece here never mentions that the research and investigations that preceded and made possible the VoteTrustUSA initiative were carried out by BlackBoxVoting.org
Because of the piece's length and the number of issues it refers to which relied directly or indirectly on original investigative work carried out by BBV, the omission should be addressed. Harri Hursti also deserves to be mentioned by name.
Earlier today I wrote a lengthy piece at BBV about the important VoteTrustUSA action, complete with a possible press release. Imagine my surprise when I was subsequently at the VoteTrustUSA website and saw that BBV.org is not even mentioned in their home-page listing of national election reform organisations. In the other articles I saw there, many of which were dependent on the original investigative work done by BBV, BBV was not mentioned at all.
The comprehensive omission there is inappropriate. Frankly it diminished the VoteTrustUSA organization in my eyes.
Perhaps you can use your influence and position of responsibility at VoteTrustUSA to make sure this is put right.
All these organizations are doing excellent work, and each should be duly recognized. I can't count how many times I have pointed folks to the VotersUnite website and highlighted your important work there. The current VoteTrustUSA initiative is outstanding and deserves to be widely supported. Regardless of personal relationships VoteTrustUSA needs to be fair about explicitly acknowledging the contributions made by other groups and individuals, particularly when its own initiatives rely on the work done by those other groups.
I hope you can edit your post here to include a mention of BBV and Harri Hursti's role in the events such as the Florida hack which you mentioned at length.
Thanks for highlighting the VoteTrustUSA initiative here. The website you've done there really helps people to participate by sending a letter to the EAC with a minimum of effort. It's yet another great job on your part.
COMMENT #18 [Permalink]
said on 12/30/2005 @ 6:42 pm PT...
John: Yes I ditto those reccomendations. BlackBoxVoting and other groups like USCountVotes should be awcknowledged by name and by source, since they have done a huge amount of the work in fighting in the trenches.
As long as we are fighting this ultimately together, since fair elections affect us all, each group should be recognized including senators who have fought for this as well--and I would hope that this ommission is corrected soon before the press-release gets too far widespread.
In these kind of situations it is usually an error, though all too-often, the voting integrity movement gets caught up in the "personalities" battle diminishing the importance of the real hard work that is to be done, and feeding into the fascist movement, so everyone must strive to leave their personalities at the door and simply make the voting problem front-page until it is corrected.
COMMENT #19 [Permalink]
said on 12/30/2005 @ 8:41 pm PT...
Update to #17 and #18:
John Gideon has indicated that BBV is now being added to the VoteTrustUSA list of national organizations.
I hope that this blog item and the VoteTrustUSA materials will also be updated to acknowledge BBV's and Hursti's role.
COMMENT #20 [Permalink]
said on 12/31/2005 @ 2:06 am PT...
You've got some really good info inyour blog.You are right on the money with this one. Well said!
I wish more people felt this way and took the time to express themselves. Keep up the great work.
COMMENT #21 [Permalink]
said on 12/31/2005 @ 6:40 am PT...
John #10; Bev #13
It sounds like we do not have force of law behind us except in states that remove the "voluntary" aspect of the voting machine law when they write their own laws. Like NC.
Seems to me HAVA is a toy to the extent it puts everything under EAC (link here). On Dec 13, 2005, the EAC adopted the guidelines (link here).
It seems to me that there is a reluctance to bring mandatory guidelines. I can't figure out why, unless I resort to recent experience which would lead me to conclude it is because criminals are handling the elections in whole or in part.
The guidelines themselves (link here) say:
"It is well known that deficiencies in election management and administration procedures can have just as much impact on the enfranchisement of voters and the outcome of elections as the functioning of the voting machines. The overall integrity of the election process depends on both of these elements working together."
This to me is a cop out. Calling the specifications "guidelines" and "voluntary" and in the preamble itself saying the machines are only half of the problem, is a cop out.
I am not at all satisfied. If ATM specs said "it is well known that deficiencies in bank management" are just as much to blame as ATM machines and the specifications are mere guidelines and are voluntary ... guess what ... I damn sure would not be using ATM machines.
At this point the election machine guidelines stemming from the HAVA are a joke IMO.
They must become better and they must become mandatory.
COMMENT #22 [Permalink]
said on 12/31/2005 @ 6:55 am PT...
DREDD --- As usual, your insights are dead-on.
I once heard the rationale that the reason the standards are "voluntary" was that elections are governed by state law, not federal. Of course, that's really not the case. While it is true that there is no federal right to vote, enabling states to muck up access to the vote, it is also true that federal law can govern at least some components of elections --- after all, the Voters Rights Act of 1965 is federal. The requirement to keep records 22 months in federal elections is federal. HAVA is federal.
So what, really, is the reason they have not codified the standards into law?
There are a number of things that really smell here. The General Services Administration (GSE), which doles out the HAVA money, can be a real investigative bear when it deals with telecoms. Why, then, did the GSE cede authority to oversee voting machines to the underfunded EAC?
BBV's Kathleen Wynne delved into that a bit, and the answers went round the mulberry bush.
The truth behind all this dodginess is something I think we all know, in our sinking hearts.
And it's been going on much longer than six years. It took a while for this boondoggle to evolve.
COMMENT #23 [Permalink]
said on 12/31/2005 @ 6:58 am PT...
BB2 #9 - I thought your "official designation" was Bradovians. I was accepting. Now it's Bradonians? What was wrong with Bradvillians, or Bradvillers, for that matter? I happen to be an occasional visitor to Bradville. Do you go to Bradov, or Bradon? The key to the city is yours for the claiming, I'm sure. Just tell us where the hay we are, please!
COMMENT #24 [Permalink]
said on 12/31/2005 @ 8:36 am PT...
The quote I provided, as I looked at again, seems to be Katrinaesque.
I modified it for effect:
"It is well known that deficiencies in city management and administration procedures can have just as much impact on the enfranchisement of hurricane victims and the outcome of disaster protections as the functioning of the FEMA machinery. The overall integrity of the emergency relief process depends on both of these elements working together."
I think we have the first cut and paste government forming ... and hopefully the last.
We should use a similar tactic (cut and paste their sentence lengths) when they are sentenced to prison.
COMMENT #25 [Permalink]
said on 12/31/2005 @ 10:28 am PT...
Dredd #21 - The VVSG that were adopted on Dec. 13 do not take effect until Dec. 2007. I just wanted to make that clear.
The voting systems standards were adopted originally so testing and qualification of voting systems could be accomplished and the states did not have to do the work. It is voluntary for the states. As mentioned before, NH does not require any system to be federally qualified. There are many other states where this is the case.
In order for a voting system to be federally qualified and to get that vaunted 'N' number they are REQUIRED to meet the standards. The standards do not allow 'interpreted' code yet Diebold got qualified. That is the reason for the actions we are taking.
No one is holding the ITAs accountable. They are federally certified to do their work. It is our intent to force the EAC to do their job and change the way the ITAs work or strip them of their federal certification and take the work away from them.
COMMENT #26 [Permalink]
said on 12/31/2005 @ 11:16 am PT...
I do not discount that strategy. Chipping away, hammering away, and all that works for me.
However there is also a part of me that is outraged and can't take another second of this phony system.
And I think I am like most Americans who are watching and waiting for an opportunity to sock it to these criminal thugs.
COMMENT #27 [Permalink]
said on 12/31/2005 @ 2:28 pm PT...
This issue is bigger than all other issues facing America right now, even bigger than the taking back of the propaganda media of misinformation, disinformation and non-information. The “war-on-terror” issue will be seen in perspective once the wild panic about the irrational fear of the boogieman-under-your-bed is exposed to the daylight of rational analysis.
The days when their lofty rhetoric worked well enough to muddy the waters in the face of cold hard facts are almost behind us and the only way they can win elections is by cheating at the voting booth.
Sure, there are still enough fear and hate filled, Fox News created, religious wacko idiots out there to enable them to put up a good show but enough of the brain-dead have seen the light to make it impossible for the Republicans to win any free and fair election.
COMMENT #28 [Permalink]
said on 12/31/2005 @ 4:06 pm PT...
Well said Patel.
Happy new year!
COMMENT #29 [Permalink]
said on 12/31/2005 @ 4:41 pm PT...
Bev: If this is true, than criminals who steal elections have been par for the course.
Its time to kick them all out, starting with as you say the ITA's false, lazy and mockery testing procedures. Every one of them must be held to the fire, lets shoot em where it counts.
COMMENT #30 [Permalink]
said on 1/3/2006 @ 11:32 am PT...
THE PROBLEM OF ELECTION RIGGING NOT TAKEN SERIOUSLY ENOUGH
News & Politics
Chronogram - Kingston,NY,USA
... "Maryland, where I live, uses Diebold DREs, which are ... Three-voting vendors--Diebold, Election Systems and Software (ESS), and Sequoia--dominate the market. ...
See all stories on this topic
News & Politics > Voting 2.0
Will Your E-Vote Count?
By Cheryl Gerber Illustrations By Dash Shaw
Imagine this: A Trojan Horse unleashes thousands of illegitimate votes and disappears without a trace, election commissioners bypass laws, uninvestigated computer glitches and easily picked locks in voting systems, no federal oversight holding e-voting vendors accountable—yes folks, elections can be stolen.
Since the 2000 Presidential election, problems stemming from the use of electronic voting machines have called into question the foundation of American democracy—the US voting system. At the forefront of concerns are security issues surrounding the use of Direct Recording Electronics [DREs], better known as touch screen computer voting machines, and their lack of a paper trail in the form of an auditable paper ballot. Widely reported irregularities from voting districts around the US have alarmed many and opened claims of stolen elections. Some even doubt the legitimacy of the outcome of recent US elections. A team of top computer scientists has been working diligently to resolve the many underlying design problems in the e-voting system that leave it open to cheating. Stalled by the federal government, and with doubts about e-voting continuing to spread, these scientists have instead turned to state governments and the National Science Foundation for help.
"Maryland, where I live, uses Diebold DREs, which are an ideal opportunity for cheating," said Dr. Avi Rubin, Technical Director, Information Security Institute, Johns Hopkins University. "In fact, you couldn't come up with a better opportunity for cheating. There's no ability to audit or recount, and the entire process takes place inside the computer, which is not transparent."
In May 2004, Rubin co-authored an analysis of electronic voting systems, raising concerns about lack of security, for the Institute of Electrical and Electronics Engineers (IEEE), the world's largest professional organization for technical standards. He also served in 2004 as a poll worker and election judge in Baltimore County, Maryland, where he lives. These and other experiences have only served to raise his concerns about the possibility for cheating via the use of electronic voting machines.
Efforts to Secure E-voting Stalled
Apprehension about the lack of security in Diebold's DREs and other touch screen computer voting machines spurred David Dill, a Stanford University computer science professor, to establish the Verified Voting Foundation in November 2004. According to Dill, when federal legislators tried to create a law that would address e-voting security problems, it was "blocked by a committee chairman, so we focused on state legislation."
Since then, the group has been advising states on e-voting security problems and the need, at a bare minimum, for a verified voting paper audit trail.
Earlier this year, Congressman Rush Holt (D-NJ) submitted a bill, The Voter Confidence and Increased Accessibility Act of 2005 (HR 550), to the House Administration Committee. The bill requires a paper audit trail at the federal level. But Holt has not been able to get the chairman of the committee, Congressman Robert Ney (R-OH), to schedule a hearing on it all year long.
"Congressman Ney will not schedule a hearing on the bill, so it remains in limbo," confirmed Pat Eddington, Holt's press secretary.
Even the bi-partisan federal Carter-Baker Commission Report could not nudge Ney. Set up to review the entire electoral process and co-chaired by former president Jimmy Carter and former Secretary of State James Baker, the report strongly endorses the need for a paper audit trail. (Congressman Ney's office did not return repeated calls.)
In lieu of the refusal of some at the federal level of government to address the issues surrounding the legitimacy of electronic voting procedures and work toward safeguarding American elections, Verified Voting turned to state governments. Since its founding, Verified Voting has helped 26 states establish state legislation that requires a paper audit trail in e-voting machines, and 14 states have requirements pending, according to verifiedvoting.org.
However, paper receipts only begin to address the complexity of electronic voting problems. The most serious concern among computer scientists studying the problems is the "Trojan Horse," a computer code that can be programmed to hide inside voting software, emerge in less than one second to change an election, then destroy itself immediately afterwards, going undetected.
"Anyone who has access to the software—an insider—could easily insert a Trojan Horse into the software," said Barbara Simons, a past president of the Association for Computing Machinery and a retired IBM researcher who is co-authoring a book on the risks of computerized voting. The problem is that the Trojan Horse cannot be detected unless the software is inspected continuously—as in every second—for its presence.
No Oversight of E-voting Legitimacy
Three-voting vendors—Diebold, Election Systems and Software (ESS), and Sequoia—dominate the market. Since e-voting is unprecedented in the history of elections and law tends to lag behind technology development, there is no federal oversight body holding these companies accountable for the security and reliability of their electronic voting systems. Their machines are supposedly tested by independent testing authorities. "But it turns out that the vendors pay the independent testing authorities and the vendors keep the results confidential," said Simons. "So you have a huge conflict of interest right there."
In addition, said Simons, "There is no requirement to make any problems public or even to reveal them to election officials because this information is proprietary for the vendors. Also, the testers are only required to test for things on a list and aren't required to test for things that aren't on the list. If you are going to subvert software, you are not going to do something that will be found by a checklist. So it's easy to insert a Trojan Horse into the software because the testing won't find it. And even if they did find it, there are no requirements to report it." Vendors are the ones who decide what goes on the list and what doesn't.
The privatization of the US voting process means the public lacks access to, or the ability to inspect, election software, as well as information about or even the names of the computer programmers who created it. Private companies and e-voting vendors flatly state that their election systems must be kept confidential as exclusive property right products, and therefore refuse to release their software source code for inspection by independent third parties. They claim that to do so would violate their right to copyright secrecy and would open the door to rivals who could steal their products. But some wonder what else vendors might be trying to hide. For instance, according to information reported on www.blackboxvoting.org, a non-partisan, nonprofit consumer protection group that is conducting fraud audits on the 2004 elections, Diebold, one of the e-voting vendors, hired ex-felons, who were convicted in Canada of computer fraud, to program election systems software.
"I don't want to malign ex-felons," said Simons, "but you want to know the names of the people who are programming the machines that will be recording and counting our votes." On the other hand, it is not uncommon for major companies to hire, as programmers, former hackers who have proven themselves to be advanced enough to hack into even the most sophisticated and safeguarded systems. In some cases, to successfully gain entry into an ultra-secured system can guarantee a hacker a job.
E-voting machine companies like Diebold are, in essence, funded to the tune of $3.9 billion by a 2002 federal law, entitled the Help America Vote Act (HAVA) which appropriates these funds as only an initial amount to the states to purchase e-voting for all national elections. States are required to phase out punch-card ballots and other systems that seemingly were problematic in the 2002 presidential election in Florida and to standardize on electronic voting systems for national elections by January 1, 2006. The problem is that this does not give the states enough time to deal with the complexity of electronic voting systems. And HAVA does not require e-voting companies to provide the kind of good security in those systems that would prevent chances of cheating.
Concerns about the many anomalies in the November 2004 election and about the gross lack of security in touch screen computer voting machines, spurred Dr. Rubin to apply for funding from the National Science Foundation to research solutions to the problems. In August 2005, the NSF's Cyber Trust program responded by awarding Rubin and his team of computer science researchers $7.5 million to investigate ways to build trustworthy e-voting systems. Rubin is now the director of the NSF project ACCURATE (A Center for Correct, Usable, Reliable, Auditable and Transparent Elections). ACCURATE involves six institutions that will collaborate to investigate how public policy and technology can safeguard e-voting nationwide.
"The NSF recognized that this is a problem of tremendous significance to the country," said Rubin. "It's a deep-rooted, scientific problem."
The funded researchers are Prof. Avi Rubin, Drs. Drew Dean and Peter Neumann of SRI International; Prof. Doug Jones of the University of Iowa; Profs. Dan Wallach and Michael Byrne of Rice University; Profs. Deirdre Mulligan and David Wagner of the University of California at Berkeley; and Profs. Dan Boneh and David Dill at Stanford University, along with numerous affiliates.
However, scientists and academics can only partly address the complexity of e-voting problems, leaving many of the battles to be fought at the state legislative level.
Bypassing the Law
One especially salient example (as recorded on www.verifiedvoting.org), shows that in response to numerous and varied voting system malfunctions that occurred in the November 2004 elections, North Carolina passed tougher requirements for election systems in its Public Confidence in Elections Act in early 2005. Under the new law, manufacturers must place in escrow the source code, the blueprint that runs the software, and "all software that is relevant to functionality, setup, configuration, and operation of the voting system" as well as a list of all computer programmers responsible for creating the software.
However, implementation of this law has been stymied by an interesting turn of events fueling the belief of some e-voting critics that Board of Election officials are too partisan for a job that requires objectivity, or who feel that election commissioners have relationships with e-voting vendors that seem far too cozy. The events in North Carolina involve Diebold—the e-voting vendor whose bid was selected by North Carolina's Board of Elections—and the very same Board of Elections.
Diebold responded to the new requirements by asking to be exempt from them, but a North Carolina Superior Court judge refused to grant the exemption. After losing in court, Diebold withdrew from their bid to provide elections systems in November 2005. However, in a surprising turnaround in December 2005, the North Carolina Board of Elections certified Diebold Elections Systems to sell electronic voting equipment in the state, despite Diebold's admissions that it could not comply with the state's election law.
The Board was able to do so because its election commissioners—not judges or computer science experts—are the ones who have the ultimate authority to certify election systems in the state. Instead of rejecting the vendor's applications and issuing a new call for bids that complied with the law, the Board of Elections certified all of the vendors' systems. The Electronic Frontier Foundation (EEF), a nonprofit consumer advocacy group of technologists and lawyers formed in 1990 to protect digital rights in our increasingly networked world, took issue with the North Carolina Board of Elections, which certified the three elections systems companies: Diebold, Election Systems and Software, and Sequoia Voting Systems. Citing the Board's action as an example of election commissioners having too much authority, Keith Long, EFF advisor to the Board, who was formerly employed by both Diebold and Sequoia, stated that none of the vendors meet the statutory requirement to place their system code in escrow.
"The Board of Elections has simply flouted the law," said EFF staff attorney Matt Zimmerman in a release he issued on December 2, 2005. "In August, the state passed new rules that were designed to ensure transparency in the election process and the Board simply decided to take it upon itself to overrule the legislature. The Board's job is to protect voters, not corporations who want to obtain multi-million dollar contracts with the state."
An ESS spokeswoman stated that ESS computer systems are secure, owing to a back-up system. However, as Simons pointed out, that does not address the problem. "If the machine doesn't record the votes correctly to begin with, it does not matter how many copies of that original incorrect recording you have." ESS' spokeswoman countered by assuring that the company's systems are accurate.
How New York Measures Up
New York State amended its Election Reform and Modernization Act of 2005 to include a provision for escrow requirements, which all election systems vendors must comply with in order to have an e-voting system certified in the state. The provision requires programming, source code, and voting machine software to be placed in escrow with the state Board of Elections, and requires the election systems vendors to waive all rights to assert intellectual property or trade secret rights. The amendment also requires that elections systems be tested by independent experts under court supervision.
Putting software source code in escrow provides an opportunity to inspect the code when there are anomalies in the election. It is already difficult to track down malicious code like a Trojan Horse; however, as researcher Simons pointed out, "there's no chance you will find it if you can't look at it."
New York also passed a series of bills, including a voter verified paper trail requirement that is an addition to HAVA, since the federal law does not require it.
But New York's election law omits the requirement to turn over the names of all computer programmers who are responsible for creating the software code. Since programmers are the ones who would be able to create and insert a Trojan Horse code, they are the ones who could ultimately rig a national election. If you don't know who the programmers are, you can't find out who created the problem, or who asked them to do it. Not to mention that a Trojan Horse program is set up to erase evidence of itself once it has done its job.
"Having the software source code doesn't guarantee that you will detect critical software bugs or malicious code," said Simons. "Anyone with access to the election software of a major voting machine vendor can change the outcome of a national election and determine which party will control Congress. Election fraud can now be committed on a national, not just a local, basis."
Yes Folks, the Election Can Be Stolen
With the old lever machine method of voting, election fraud could only be committed on a local, or possibly a regional basis without high risk of getting caught. But now it would take only one well-placed programmer creating malicious code to rig a national election. "How do you know what software is running on Election Day?" asked Simons. "You could easily add a last-minute software patch to do something on Election Day, [and that would] then immediately erase itself."
Software bugs can also be programmed undetected. "Buggy software is an important problem in computer security," said Stanford University's Dill. "A huge number of problems we have are due to computer software buffer overflows, which overwrite computer functions to get control of the machine." Computer buffer overflows are a standard way for Trojan Horses to take control of a computer and make changes to it, while leaving no evidence behind.
The GAO report concluded that national initiatives to improve voting systems lack plans for implementation or are not expected to be completed until after the 2006 election, stating: "Until these efforts are completed, there is a risk that many state and local jurisdictions will rely on voting systems that were not developed, operated, or managed in accordance with rigorous security and reliability standards."
Reiterating the reality that there is no such thing as software without bugs, Dill explains, "Eliminating bugs from programs has been an unsolved problem since computers were invented. The problem grows harder every year, as the systems get more complicated. Anyone who says they can generate large software without bugs is not telling the truth. We don't know yet how to make computer programs perfectly secure. That is why you always have to have independent reliable ways to check the results. The election can be stolen, nobody can tell, and it's easy to do."
Another opportunity for election fraud is in software patches, which are the routine fixes to software bugs that work the same way a repair patch is put on a flat tire. A programmer can deliver a patch to a bug that is an election rig instead of a fix and, again, it would not be detected unless it was inspected.
"There's a tendency for people to regard computers as the epitome of accuracy," said Dill, highlighting the fact that the lack of security in the source code is fundamentally a human problem. "This is why computer scientists have gotten involved—because they understand the limitations of technology."
Dill and other computer science professionals have been trying to educate people about the current, serious limitations of using computers for voting. "People just don't believe it when we say computer voting machines are insecure since they don't understand how deeply complicated software can be. Because these are computers, you need much more security with them than you do with old-fashioned paper-based systems," he explained.
"The hardest people to convince are those who have signed multi-million dollar contracts to buy e-voting machines before they were made secure," added Dill, alluding to election officials who thought they were buying the latest, greatest technology in the DRE or touch screen machines and therefore later become defensive when computer scientists inform them that their purchase is unreliable and insecure. "They are understandably reluctant to admit that they made a mistake."
And some complain that the January 1, 2006 HAVA standardization requirement, and the vagaries within the law that omit major areas of concern, has set unrealistic goals for election officials and backed them into a corner. Given the complexity of these machines, it can be argued that officials need more time for discovery and resolution to the problems.
"If we find out after the purchase of these machines that they are not secure and Congress is given evidence that they are not secure, will they make a new set of regulations, which will cost X millions of dollars?" asked Lee Daghlian, public information officer of the NYS Board of Elections.
Cozy Relationships and Huge Profits
However, zooming in on the election commission business also reveals a close-knit community. As in the example mentioned earlier in which North Carolina's Board of Elections went ahead and certified Diebold systems despite the Superior Court judge's ruling, many see the close relationships between election commissioners and election systems vendors as overstepping certain ethical boundary lines. Huge profits are to be made by election-system vendors and they court election officials accordingly. "They wine them and dine them," said Dill. "Election officials have known the election systems vendors longer than they've known the computer scientists. And there's a revolving door. A good career path for an election official is to go work for a vendor."
In October 2005, the General Accounting Office (GAO), the nonpartisan independent investigative arm of the federal government, issued an illuminating report that raised a multitude of concerns about electronic voting security and reliability. The report found that cast ballots, ballot definition files in the voting software, memory cards, and computer audit files all could be modified. Election systems had easily picked locks and power switches that were exposed and unprotected.
The GAO report showed that voting-machine vendors have weak security practices, including the failure to conduct background checks on programmers and system developers and a failure to establish clear chain-of-custody procedures for handling voting software. It also found that voting system failures have already occurred during elections, identifying a number of cases in California, for instance, where a county presented voters with an incorrect electronic ballot, which meant they could not vote in certain races. And in Pennsylvania, where a county made a ballot error on an electronic voting system that resulted in the county's undervote percentage—that is when a candidate is given fewer votes that he or she actually won—reaching 80 percent in some precincts. And in North Carolina, where electronic voting machines continued to accept votes after their memories were full, causing more than 4,000 votes to be lost.
And these are only a few examples out of thousands that were reported but not investigated.
In addition, the GAO discovered that standards for electronic voting adopted in 2002 by the Federal Election Commission contain vague and incomplete security provisions for commercial products and inadequate documentation requirements; and that tests currently performed by independent testing authorities and state and local election officials do not adequately assess electronic voting system security and reliability.
The GAO report concluded that national initiatives to improve voting systems lack plans for implementation or are not expected to be completed until after the 2006 election, stating: "Until these efforts are completed, there is a risk that many state and local jurisdictions will rely on voting systems that were not developed, operated, or managed in accordance with rigorous security and reliability standards—potentially affecting the reliability of future elections and voter confidence in the accuracy of the vote count."
In response to the release of the GAO report, members of the House Committee on Government Reform issued a statement that highlighted a long list of voting system vulnerabilities, also reported by Dill's Verified Voting Foundation. But the reality behind the GAO laundry list is that electronic election systems are grossly inadequate and that vendors are not being held accountable by election commissioners to provide security in their election systems or, as in the case of the North Carolina Board of Elections, even to comply with the law.
Not to mention, "They have none of the security levels that computer scientists have been asking for," added Simons.
If election systems vendors are not required both by law and by state election commissioners to place their software source code in escrow, then voters will have no way of knowing whether the software contains malicious, election-rigging code or not.
But as the technical director of Johns Hopkins' Information Security Institute, Dr. Avi Rubin believes it is only a matter of time before the vendors are forced by legislators to give it up. "I think they will be forced by law to share their source code. But they will do it kicking and screaming."
Despite the steadfast work of the leading computer science experts and grassroots activists, it seems the problem of election rigging is still not taken seriously enough. That means it is still easy to rig an election via e-voting in the United States, and it will continue to be easy until election fraud is considered a priority.
COMMENT #31 [Permalink]
said on 1/10/2006 @ 10:11 am PT...
RE: PROBLEM OF ELECTIONS RIGGING NOT TAKEN SERIOUSLY ENOUGH
The article above, THE PROBLEM OF ELECTION RIGGING NOT TAKEN SERIOUSLY ENOUGH, submitted by me, was missing the following link: http://www.chronogram.com/issue/2006/01/news/
the author of this fine piece is Cheryl Gerber.
I regret the error.
COMMENT #32 [Permalink]
said on 5/6/2006 @ 4:18 am PT...